This listing of claims will replace all prior versions and listings of claims in the
application:

Listing of Claims:

1. (Currently Amended) A system comprising a trusted computing platform
including; one or more

at least one first logically protected computing environments (or
"compartments") compartment associated with initialisation initialization of said system,
and one or more

at least one second logically protected computing environments (or
"compartments") compartment, the one or each said second logically protected
computing environment compartment being associated with at least one service or
process supported by said system,

wherein the system being is arranged to load onto said trusted computing
platform a predetermined security policy including one or more at least one security rules
rule for controlling the operation of each of said logically protected computing
environments;, such that said security rules




wherein the security rule relating to the or each at least one first logically
protected computing environment are arranged compartment is arranged to be loaded
onto said trusted computing platform when the system is initialised initialized, and

wherein the one or more at least one security rules rule relating to the or at least



only arranged to be loaded onto said trusted computing platform if one or more services 
or processes associated therewith are enabled. 

2. (Currently Amended) A system according to claim 1, wherein one or more
common variables are variable is defined for each compartment, in respect of which




one of said second logically protected computing




compartment is 
the wherein a relevant security rules are rule is only arranged to be added if that the
variable associated with a particular compartment is enabled for a particular
compartment.

3. (Currently Amended) A system according to claim 2, wherein one or more of a
number of variables at least one variable associated with a directory of plug-ins are
arranged is arranged to be added.

4. (Currently Amended) A system according to claim 3, wherein the system is
arranged to determine, in response to a compartment being enabled, the status a status
of said variables at least one variable and cause the relevant plug-in(s) a relevant plug-in
based upon the directory of plug-ins to run only if an associated variable is 'true'.

5. (Currently Amended) A system according to claim 4, wherein the or each at
least one compartment includes an operating system compartment arranged to be
controlled by the operating system kernel.

6. (Currently Amended) A system according to claim 5, wherein the
compartments at least one compartment and network resources are arranged so
communication between them is provided via relatively narrow kernel level controlled
interfaces to a transport mechanism.

7. (Currently Amended) A system according to claim 6, wherein said
communication interfaces are communication is arranged to be governed by rules
specified on a compartment by compartment basis.

8. (Currently Amended) A system according to claim 7, including means for
determining when a service is starting, and on being enabled, for loading the
compartment associated with that service and loading the at least one security rules
rule associated with that service.
9. (Currently Amended) A system according to claim 8, including means for
determining when a service starts, and causing said the at least one security rules rule
to be loaded accordingly.

10. (Currently Amended) A system according to claim 1, wherein the or each at
least one compartment includes an operating system compartment arranged to be
controlled by the operating system kernel.

11. (Original) A system according to claim 1, including means for determining when
a service is starting, and on being enabled, for loading the compartment associated with 
that service and loading the security rules associated with that service. 

12. (Currently Amended) A method of loading a security policy onto a system
including a trusted computing platform, said trusted computing platform including one or
more at least one first logically protected computing environments (or
"compartments") compartments associated with initialisation initialization of said system,
and one or more at least one second logically protected computing environments (or
"compartments") compartments, the one or each said at least one second logically
protected computing environment compartments being associated with at least one
service or process supported by said system, said security policy comprising one or
more security rules for controlling the operation of each of said said the at least one
logically protected computing environments compartments, the method including the
steps of:

loading said security rules relating to the or each at least one first logically
protected computing environment onto said trusted computing platform when the
system is initialised initialized, and

loading the one or more at least one security rules rule relating to the or at least at
least one of said second logically protected computing environments compartments
onto said trusted computing platform only if one or more services or processes
associated therewith are enabled.